Lookups

Jun 23, 2019

Available for these plans:

Enterprise, Pro, Community

Lookups let you easily manage sets of data, which you can use in multiple Kibana searches or security rules.
Lookups can hold whitelisted or blacklisted values like usernames, IP addresses, regions, or domains.

For example, if you create a lookup that contains a list of company IP addresses, you can update the lookup as your IP addresses change over time.
All searches and security rules that use this lookup will compare logs to the updated list, so you’ll avoid the error-prone process of manually copying your data everywhere it’s used.

You can find lookups by selecting Rules > Lookups from the top menu of your Security Analytics account.

Create or delete a lookup

On the Lookups page, click New lookup to create an untitled lookup.
Give your new lookup a Name and optional Description.
Your changes are automatically saved when you press Tab to advance to the next form field.